CS 669: Design for Security
Credits: 3-0-0-9
Prerequisites: Knowledge equivalent of CS220 and CS641
Who can take the course: PhD, Masters, 3rd and 4th year UG Students
Departments that may be interested: CSE, EE
Course Objective
Developing a secure cryptographic algorithm is only the first step towards achieving a secure architecture. Most of the cryptographic algorithms are based on complex mathematical operations (starting from finite field inversion to scalar multiplication in elliptic curves) and therefore developing efficient hardware implementation of such complex algorithms is a challenging problem. Additionally, any cryptographic architecture suffers from implementation vulnerabilities like side channel leakages. A side channel adversary observes/record the information leakage through physical channels like time and power consumption or electromagnetic radiation. Using this information, a side channel adversary can easily break a mathematically secure crypto implementation and obtain the secret key. In this course, we will focus on both these aspects of cryptographic implementations. The first part of the course will discuss the implementations of complex finite field operations, architecture of block and stream cipher, and elliptic curve cryptography. Next, we will show the impact of side channel analysis and possible countermeasures against such attacks. A brief discussion will also be provided on FPGA architectures and hardware Trojans. The contents selected for the course are based on research papers from top-tier journals and conferences such as IEEE TIFS, IACR TCHES, IEEE TC, ACM TECS, IEEE TVLSI, DAC, DATE, etc. covering advanced topics of hardware security.
Course Contents
- Module 1: Finite Field Arithmetic Hardware
- Introduction to finite field
- Finite field operations: Addition, Multiplication and Inversion
- Application of finite field in cryptography
- Finite field addition architectures
- Finite field multiplication architectures
- Finite field inversion architectures
- Introduction to FPGA architecture
- Module 2: Secure Constructions of Block Cipher: AES
- AES S-Box Construction
- Iterative AES Architecture
- Power based side channel attack on AES
- Side channel evaluation methodology
- Side channel countermeasure: Threshold Implementation
- Fault attack on AES: DFA and Trojan based
- Fault attack countermeasure: Redundancy and Infection
- Module 3: Secure Constructions of Stream Cipher: Grain
- Introduction to linear feedback shift register (LFSR)
- Berlekamp–Massey algorithm
- Issues with LFSR based encryptions
- Implementations of stream cipher Grain
- Module 4: Efficient Implementation of Elliptic Curve Architectures
- Introduction to public key cryptosystem
- Introduction to elliptic curve cryptography
- Elliptic curves in GF(2m)
- Elliptic curves in GF(p)
- Secure scalar multiplication algorithm
- Montgomery elliptic curve: Implementation of Curve25519
- Side channel attack on elliptic curve and countermeasure
- Elliptic curve isogeny based cryptosystem for post quantum computing
Books
- Debdeep Mukhopadhyay and Rajat Subhra Chakraborty,“Hardware Security: Design, Threats, and Safeguards”, CRC Press, 2014.
- Doug Stinson, Cryptography Theory and Practice, CRC Press, 2005.
- Samir Palnitkar, “Verilog HDL: A Guide to Digital Design and Synthesis”, Prentice Hall, 1996.
- Michael D. Ciletti, “Advanced Digital Design with the Verilog HDL”, Pearson, 1996 .
- Ted Huffmire et al: “Handbook of FPGA Design Security”, Springer, 2014.